mythcat: Linux: tools to scan a Linux server for malware and rootkits.

This tools are: chkrootkit, rkhunter, fuser and ISPProtect. All of this tools can be install under Fedora 25 with dnf tool. First tool is chkrootkit is a classic rootkit scanner. It checks your server for suspicious rootkit processes and checks for a list of known rootkit files.

[root@localhost mythcat]# chkrootkitROOTDIR is `/'Checking `amd'... not foundChecking `basename'... not infectedChecking `biff'... not foundChecking `chfn'... not infectedChecking `chsh'... not infectedChecking `cron'... not infectedChecking `crontab'... not infectedChecking `date'... not infectedChecking `du'... not infectedChecking `dirname'... not infectedChecking `echo'... not infected...

The Rootkit Hunter named rkhunter is a Unix-based tool that scans for rootkits, backdoors and possible local exploits.

The output of this command let you to see the recall of anything on your machine that should be listening on tcp port 5222.

[root@localhost mythcat]# fuser -vn tcp 19635...

This output indicates that there is a process named “foo” running with PID number and listening on port 19635. The last tool is ISPProtect. ISPProtect is a malware scanner for web servers, it scans for malware in website files and CMS systems like WordPress, Joomla, Drupal